attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different.

This article builds upon Mail server. The goal of this article is to set up Postfix and explain what the basic configuration files do. There are instructions for setting up local system user-only delivery and a link to a guide for virtual user delivery.

Hide the sender's IP and user agent in the Received header

This is mostly a privacy concern: if you send an email from Thunderbird, the Received header will contain your LAN and WAN IP addresses and information about the email client you used.
(Original source: AskUbuntu)
The goal is to remove the Received header from outgoing emails. This can be done with the following steps:

Postfix in a chroot jail

Postfix is not put in a chroot jail by default. The Postfix documentation [1] provides details about how to accomplish such a jail. The steps are outlined below and are based on the chroot-setup script provided in the Postfix source code.

First, go into the master.cf file in the directory /etc/postfix and change all the chroot entries to 'yes' (y), except for the services qmgr, proxymap, proxywrite, local, and virtual.

Second, create two functions that will help us later with copying files over into the chroot jail (see last step).
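A check for the first step above, added here as an example (it is not from the original page or the Postfix project): it reads the chroot column, the fifth field, of every master.cf entry and flags entries that do not follow the rule, including entries with `-` that rely on the built-in default instead of an explicit `y`. The function names, the `EXEMPT` variable and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the chroot column (5th field) of master.cf.
# EXEMPT defaults to the services step one says to leave unchrooted;
# the variable itself is hypothetical, not a Postfix setting.
EXEMPT="${EXEMPT:-qmgr proxymap proxywrite local virtual}"

# audit_chroot [FILE]: print "<service>/<type> chroot=<value> <verdict>"
# for every service entry; reads stdin when no file is given.
audit_chroot() {
    awk -v exempt="$EXEMPT" '
        BEGIN { n = split(exempt, e, " "); for (i = 1; i <= n; i++) ex[e[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }  # comment or blank line
        /^[ \t]/ { next }                  # continuation of the previous entry
        NF < 8 { printf "line %d: FIX-malformed\n", NR; next }
        {
            if ($1 in ex)       verdict = ($5 == "y") ? "FIX-must-not-chroot" : "ok-exempt"
            else if ($5 == "y") verdict = "ok"
            else if ($5 == "-") verdict = "FIX-default-make-explicit"
            else                verdict = "FIX-not-chrooted"
            printf "%s/%s chroot=%s %s\n", $1, $2, $5, verdict
        }' "$@"
}

# count_findings [FILE]: number of entries that need attention.
count_findings() {
    audit_chroot "$@" | awk '/FIX-/ { n++ } END { print n + 0 }'
}

# Constructed sample input, not taken from a real system.
sample_master_cf() {
    cat <<'EOF'
# service  type  private unpriv chroot wakeup maxproc command
smtp       inet  n       -      y      -      -       smtpd
pickup     unix  n       -      y      60     1       pickup
cleanup    unix  n       -      n      -      0       cleanup
qmgr       unix  n       -      n      300    1       qmgr
rewrite    unix  -       -      -      -      -       trivial-rewrite
local      unix  -       n      y      -      -       local
policy-spf unix  -       n      n      -      0       spawn
     user=nobody argv=/usr/bin/policyd-spf
EOF
}

sample_master_cf | audit_chroot
```

Run it against the live file with `audit_chroot /etc/postfix/master.cf`; services that run an external program, such as the policy-spf entry, can be added to `EXEMPT` if they are deliberately left outside the jail.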

Then start/enable the postgrey service. Afterwards, reload the postfix service. Now greylisting should be enabled.

Configuration

Configuration is done by editing the postgrey.service file. First, copy it over so that you can edit the copy:

# cp /usr/lib/systemd/system/postgrey.service /etc/systemd/system/

Whitelisting

To add automatic whitelisting (successful deliveries are whitelisted and don't have to wait any more), you could add the --auto-whitelist-clients=N option and replace N by a suitably small number (or leave it at its default of 5).

To add your own list of whitelisted clients in addition to the default ones, create the file /etc/postfix/whitelist_clients.local and enter one host or domain per line, then restart postgrey.service so the changes take effect.

Troubleshooting

If you specify --unix=/path/to/socket and the socket file is not created, ensure you have removed the default --inet=127.0.0.1:10030 from the service file.

Rule-based mail processing

With policy services, one can easily fine-tune Postfix's mail delivery behaviour.
postfwd and policyd (policyd-mysql, policyd-pgsql or policyd-sqlite, all from the AUR) provide services to do so.
This allows you, for example, to implement time-aware grey- and blacklisting of senders and receivers as well as SPF policy checking.

Policy services are standalone services and connected to Postfix like this:

Edit /etc/python-policyd-spf/policyd-spf.conf to your needs. An extensively commented version can be found at /etc/python-policyd-spf/policyd-spf.conf.commented.
Pay some extra attention to the HELO check policy, as standard settings strictly reject HELO failures.

In the main.cf file, add a timeout for the policyd:

/etc/postfix/main.cf

policy-spf_time_limit = 3600s

Then add a transport:

/etc/postfix/master.cf

policy-spf unix - n n - 0 spawn
     user=nobody argv=/usr/bin/policyd-spf

Lastly, you need to add the policyd to the smtpd_recipient_restrictions. To minimize load, put it at the end of the restrictions but above any reject_rbl_client DNSBL line: